Bug 24817 - resteasy new security issue CVE-2016-6346
Summary: resteasy new security issue CVE-2016-6346
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on: 27750
Blocks:
 
Reported: 2019-05-14 20:20 CEST by David Walser
Modified: 2024-03-14 11:24 CET

See Also:
Source RPM: resteasy-3.0.19-2.mga7.src.rpm
CVE:
Status comment: Fixed upstream in 3.5.1


Description David Walser 2019-05-14 20:20:06 CEST
Red Hat has issued an advisory today (May 14):
https://access.redhat.com/errata/RHSA-2019:1222

Wasn't easy to find, but resteasy is bundled in candlepin, and they updated this CVE by updating resteasy to 3.5.1. Not sure if there's a 3.0.x with the fix.

David Walser 2019-05-14 20:20:25 CEST

Whiteboard: (none) => MGA6TOO

David Walser 2019-06-23 19:14:46 CEST

Whiteboard: MGA6TOO => MGA7TOO, MGA6TOO

David Walser 2020-01-14 18:09:50 CET

Status comment: (none) => Fixed upstream in 3.5.1

Nicolas Lécureuil 2020-05-22 14:05:49 CEST

CC: (none) => mageia
Whiteboard: MGA7TOO, MGA6TOO => MGA7TOO

Comment 1 Zombie Ryushu 2020-12-05 14:21:47 CET
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

URL: (none) => https://nvd.nist.gov/vuln/detail/CVE-2020-25633
CC: (none) => zombie_ryushu
CVE: (none) => CVE-2020-25633

Zombie Ryushu 2020-12-05 14:22:23 CET

Summary: resteasy new security issue CVE-2016-6346 => resteasy new security issue CVE-2016-6346 CVE-2020-25633

David Walser 2020-12-05 14:37:52 CET

Depends on: (none) => 27750

David Walser 2020-12-05 14:38:05 CET

Depends on: 27750 => (none)
Summary: resteasy new security issue CVE-2016-6346 CVE-2020-25633 => resteasy new security issue CVE-2016-6346
CVE: CVE-2020-25633 => (none)

David Walser 2020-12-05 14:38:20 CET

Depends on: (none) => 27750

David Walser 2020-12-28 17:16:41 CET

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-25633 => (none)

David Walser 2020-12-29 00:24:08 CET

Whiteboard: MGA7TOO => MGA8TOO, MGA7TOO

Comment 2 Nicolas Lécureuil 2021-01-04 21:30:55 CET
Currently working to update it.

Comment 3 David Walser 2021-07-01 18:45:33 CEST
Removing Mageia 7 from whiteboard due to EOL:
https://blog.mageia.org/en/2021/06/08/mageia-7-will-reach-end-of-support-on-30th-of-june-the-king-is-dead-long-live-the-king/

Whiteboard: MGA8TOO, MGA7TOO => MGA8TOO

Comment 4 Nicolas Salguero 2024-03-14 11:24:32 CET
That issue was fixed in 3.0.20 and Mageia 8 had 3.0.26.

Resolution: (none) => OLD
Whiteboard: MGA8TOO => (none)
Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Version: Cauldron => 8

